Visit NES for Jackson Home Page
Jackson Core Release Notes
1 version
Release notes for Jackson Core
Sep 25, 2025
Latest: 2.13.6
1 Patched CVE
September 2025
2.13.6
Released on Sep 25, 2025 Full Version:
2.13.5-jackson-core-2.13.6
Notes
- This release originates from the open‑source jackson-core project forked by HeroDevs. It encompasses modifications implemented by HeroDevs to ensure successful framework builds.
Bug Fixes
This release patches the following:
- CVE-2025-52999: Nested data handling flaw in Jackson Core
- The default maximum nesting level is 1000 to prevent potential denial-of-service attacks.
- JsonFactory builder has streamReadConstraints for configuring the max nesting level.
- Possible Breaking Change: Applications that rely on specific nested data structures >=1000 will need to increase the maximum allowed nesting level.
Dependency Updates
- jackson-bom
2.13.6
Stay in the loop
~/herodevs-spring-framework-support
herodevs@nes:open-source$ ./display-support-info.sh